From upstream advisory at $URL: Description: It was possible to conduct XSS using a crafted database name. The victim would have to willingly click on a database name which clearly shows a possible XSS. Severity: We consider this vulnerability to be non critical. Affected Versions: Versions 3.4.x are affected. Solution: Upgrade to phpMyAdmin 3.4.10.1 or newer or apply patch listed below. Patches: Following commits have been made to fix this issue: https://github.com/phpmyadmin/phpmyadmin/commit/86073d532aed656550cb731aa5b4288b126ae7a6
Closing noglsa for XSS only.